I decided to take another crack at this problem and finally found a solution.
First, I needed to move my
Second, I needed to update
/etc/ca-certificates.conf with the line
Third, I needed to run
Finally, I needed to remove the
ssl.cafile option from my PHP stream context (I can't seem to get it to work with this line in place).
CAFile option in
/etc/mongod.conf is unnecessary as well, and is problematic unless it uses the
allowConnectionsWithoutCertificates: true line noted in the other answer.
That was a mess, but everything works now!